 | 1 | initial version |
Nothing as ambiguous as the word session, as it could be seen from the user perspective, the application perspective, the network perspective. So any time this word is used, it is important to determine the context. The same goes for words as stream and conversation.
In Wireshark, the word stream is used in context of a protocol to give packets the same stream number when they have matching criteria at a certain protocol level. For instance tcp.stream is bound by the start (SYN) and finish (FIN or RST) of packets that have matching IP addresses and ports. So the same 5 tuple (addresses, ports and protocol (=TCP in this case)) could be used by multiple tcp streams, as port numbers can be re-used over time.
For UDP with no session start or end, all packets with the same IP addresses and ports get the same udp.stream number, even though they could be different sessions from the application perspective (think of DNS requests and responses, each req/resp combo is a session, however, if later on the same port numbers are used, it ends up with the same stream number).
In short, there is no definitive answer and you should check the context for understanding how these words are used when they are used :-)
